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IN THE CLAIMS: 

Please amend the claims as follows: 

1 . (currently amended) A method for managing cryptographic k e ys that ar e 
sp o cific to a p e rson al devic e , comprising: 

retrieving in a secure processing point separated from and arranged in 
communication with the personal device, a unique chip identifier from a read-only 
storage of an integrated circuit chip included in the-a_personal device; 

the secure processing point assembling a data package and loading the data 
package in the personal device for storage therein, the data package including at least 
one cryptographic kev specific to the personal device ; 

receiving at the secure processing point, in response to storing the data package, 
a backup data package from the personal device, which backup data package is the 
data package encrypted with a unique secret chip key stored in a tamper-resistant 
secret storage of the integrated circuit chip included in the personal device; 

associating the unique chip identifier with the received backup data package; and 
storing the backup data package and the associated unique chip identifier in a 
permanent public database separated from the personal device; 
wherein the secure processing point further performs: 
associating a unioue device identity with the unique chip identifier: 
signing the result of said associating with a manufacturer private signature kev 
corresponding to a manufacturer public signature kev stored in a read-only memory of 
the personal device, thereby generating a certificate for the unioue device identity: 
storing the certificate in the device: and 

storing the unigue device identity and the certificate in association with the 
backup data package and the unigue chip identifier in the permanent public database . 

2. (canceled) 
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3. (original) The method as claimed in claim 1 , wherein the at least one 
cryptographic key includes at least one key to be used for a secure, key based 
communication channel between a personal device manufacturer and the personal 
device. 

4. (original) The method as claimed in claim 3, wherein the at least one key to be 
used for a secure, key based communication channel includes a symmetric key. 

5. (original) The method as claimed in claim 4, wherein the symmetric key is 
generated as a function of a master key and the unique device identity. 

6. (original) The method as claimed in claim 3, wherein the at least one key to be 
used for a secure, key based communication channel includes a private/public key pair. 

7. (currently amended) The method as claimed in claim 6, wherein the 
private/public key pair either is: 

generated by the secure processing point during assembly of the personal 
device; or 

generated and stored in advance in a secure database before assembly of the 
personal device, in which latter case the cryptographic keys stored in advance of 
assembly are removed from the secret secure database after reception of the backup 
data package. 

8. (currently amended) The method as claimed in claim 21, wherein the personal 
device is a wireless communications terminal and the unique device identity is an 
identifier which identifies the wireless communications terminal in a wireless 
communications network. 

9. (currently amended) A system for manag i ng cryptographic k e ys that ar e 
spoc i f i c to a personal device, comprising: 

at least one personal device, and 
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a secure processing point, which secure processing point is separated from and 
arranged in communication with the personal device. 

wherein the at least one personal device includes an integrated circuit chip with a 
unique chip identifier in a read-only storage and a unique secret chip key in a tamper- 
resistant secret storage; 

wherein the secure processing point includes a processor configured for 
retrieving the unique chip identifier and for assembling a data package and loading the 
data package in the personal device for storage therein, the data package including at 
least one cryptographic kev specific to said personal device : 

wherein the at least one personal device includes a processor configured for 
encrypting the received data package with the unique secret chip key and transferring a 
resulting backup data package back to the secure processing point; and 

wherein the processor of the secure processing point is arranged for storing the 
received backup data package in association with the unique chip identifier in a 
permanent public database separated from the personal device; 

wherein the processor of the secure processing point further is arranged for: 

associating a unique device identity with the unique chip identifier: 

signing the result of the association with a manufacturer private signature kev 
corresponding to a manufacturer public signature kev stored in a read-only memory of 
the personal device, thereby generating a certificate for the unigue device identity; 

storing the certificate in the personal device: and 

storing the unigue device identity and the certificate in association with the 
backup data package and the unigue chip identifier in the permanent public database , 

10. (canceled) 

1 1 . (original) The system as claimed in claim 9, wherein the at least one 
cryptographic key includes at least one key to be used for a secure, key based 
communication channel between a personal device manufacturer and the personal 
device. 
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12. (original) The system as claimed in claim 11, wherein the at least one key to 
be used for a secure, key based communication channel includes a symmetric key. 

13. (original) The system as claimed in claim 12. wherein the symmetric key is 
generated as a function of a master key and the unique device identity. 

14. (original) The system as claimed in claim 1 1 , wherein the at least one key to 
be used for a secure, key based communication channel includes a private/public key 
pair. 

15. (currently amended) The system as claimed in claim 14, wherein the 
processor of the secure processing point either is: 

arranged for generating the private/public key pair during assembly of the 
personal device: or 

arranged for retrieving the private/public key pair from a secure database, in 
which the key pair has been stored in advance before assembly of the device, in which 
latter case the secure processing point further is arranged for removing the key pair 
from the s e cr e t secure database after reception of the backup data package. 

16. (original) The system as claimed in claim 9, wherein the personal device is a 
wireless communications terminal and the unique device identity an identifier which 
identifies the wireless communications terminal in a wireless communications network. 

17. (currently amended) A method of r e cov e r i ng a b a ckup data package of a 
personal d e v i c e , wh i ch backup data pack a g e has b ee n ass e mb le d and stor e d in 
accordanc e w i th c l a i m 1 , the m e thod comprising: 

reading a unique chip identifier from a read-only storage of the-a_personal device; 
transmitting the chip identifier to a public database; 

receiving from the public database the-a_backup data package which has been 
assembled and stored in accordance with claim 1 and corresponding to the transmitted 
chip identifier; and 
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storing the received backup data package in the personal device. 

18. (currently amended) A personal device comprising: 

an integrated circuit chip with a unique chip identifier in a read-only storage and a 

unique secret chip key in a tamper-resistant secret storage; 

a processor configured for outputting the unique chip identifier; and 
a memory for storing a received data package including at least one 

cryptographic key; 

wherein the processor is further configured for encrypting the received data 
package with the unique secret chip key and outputting a resulting backup data 
package to a pemianent public database separated from said personal device; 

the personal device further comprising: 

a read-only memon/ storing a manufacturer public signature key, wherein the 
memory for storing the received data package is further for storing a received certificate, 
which corresponds to a certificate stored in association with the backup data package in 
the public database and which has been signed with a manufacturer private signature 

key corresponding to the manufacturer public signature key . 

19. (canceled) 

20. (original) The personal device as claimed in claim 18, wherein the at least 
one cryptographic key includes at least one key to be used for a secure, key based 
communication channel between a personal device manufacturer and the personal 
device. 

21. (original) The personal device as claimed in claim 20, wherein the at least 
one key to be used for a secure, key based communication channel includes a 
symmetric key. 

22. (original) The personal device as claimed in claim 21 , wherein the symmetric 
key is generated as a function of a master key and the unique device identity. 
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23. (original) The personal device as claimed in claim 20, wherein the at least 
one key to be used for a secure, key based communication channel includes a 
private/public key pair. 

24. (original) The personal device as claimed in claim 18, wherein the personal 
device is a wireless communications terminal and the unique device identity is an 
identifier which identifies the wireless communications terminal in a wireless 
communications network. 

25. (currently amended) A secure processing point for managing cryptograph i c 
k e ys that arc Gpoc i fic to persona l dev i c e s comprising: 

a processor configured for: 

retrieving a unique chip identifier from a read-only storage of an integrated circuit, 
chip included in a personal device that is separated from said secure processing point; 

assembling a data package and loading the data package in the personal device 
for storage therein, the data package including at least one cryptographic key specific to 
the personal device ; 

receiving an encrypted version of the data package, in the form of a backup data 
package, from the personal device in response to the stored data package; an^ 

storing the received backup data package in association with the unique chip 
identifier in a permanent public database separated from the personal device; 

associating a unique device identity with the unique chip identifier: 

signing the result of the association with a manufacturer private signature key 
corresponding to a manufacturer public signature key stored in a read-only memory of 
the device, thereby generating a certificate for the unique device identity: 

storing the certificate in the device: and 

storing the unique device identity and the certificate in association with the 
backup data package and the unique chip identifier in the permanent public database. 
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26. (canceled) 

27, (currently amended) A device for manag i ng cryptograph i c keys that ar e 
Gpocific to a poroonal d e v i c e , comprising: 

means for retrieving in a secure processing point separated from and arranged in 
communication with the personal device, a unique chip identifier from a read-only 
storage of an integrated circuit chip included in thea personal device; 

means for assembling by the secure processing point a data package and 
loading the data package in the personal device for storage therein, the data package 
including at least one cryptographic key specific to the personal device : 

means for receiving at the secure processing point, in response to storing the 
data package, a backup data package from the personal device, which backup data 
package is the data package encrypted with a unique secret chip key stored in a 
tamper-resistant secret storage of the integrated circuit chip included in the personal 
device; 

means for associating the unique chip identifier with the received backup data 
package; and 

means for storing the backup data package and the associated unique chip 
identifier in a permanent public database separated from the personal device; 
wherein the secure processing point comprises: 

means for associating a unique device identity with the unique chip identifier: 
means for signinq the result of said associating with a manufacturer private 
signature key corresponding to a manufacturer public signature key stored in a read- 
only memory of the personal device, thereby generating a certificate for the unique 
device identity; 

means for storing the certificate in the personal device: and 

means for storing the unigue device identity and the certificate in association with 

the backup data package and the unique chip identifier in the permanent public 

database. 
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